We claim:

1. A method for control and maintenance of an operational organizational
structure, the method comprising: 

associating entities with cryptographic capabilities; 
organizing entities within the organizational structure as roles; and 
maintaining roles within the organizational structure. 

2. A method as in claim 1, wherein the method involves at least a public 
key infrastructure operation.

3. A method as in claim 1 wherein the control and maintenance further
comprises:

assigning elements in said organizational structure to roles within said 
organizational structure.

4. A method as in claim 1 wherein the control and maintenance further
comprises:

assigning elements in said organizational structure to groups within said 
organizational structure.

5. A method as in claim 1 where the control and maintenance further 
comprises:

assigning elements in said organizational structure to groups within said 
organizational structure.

6. A method as in claim 3 wherein at least some of said elements are
already grouped elements. 

7. A method as in claim 1 wherein said cryptographic method involves 
access control technology. 



8. A method as in claim where said cryptographic method involves at
least an access control operation.



9. A method as in claim 1 where said cryptographic method involves at
least a data-base operation.



10. A method as in claim 1 where said cryptographic method involves at
least one operation implemented in a hardware device.



11. A method as in claim 1 wherein in the operational organizational
structure represent at least one commercial organization.

12. A method as in claim 1 where operational organizational structure
represents at least two organizations, and wherein one of said organizations
performs at least one function on behalf of second organizations.



13. A method as in claim 1 where the cryptographic method for control
further comprises changing software.

14. A method as in claim 1 where the cryptographic method for control
further comprises changing hardware. 

15. A method as in claim 1 where cryptographic method for control further
comprises moving hardware.

16. A system for control and maintenance of an operational structure 
involving at least one cryptographic method, entities within organizations, 
characteristics of said entities and relationships between said entities, wherein the 
system comprises:

maintaining capabilities of entities; 
maintaining functions of entities; 
maintaining characteristics of entities; 
maintaining relationships of entities; and 

changing the maintained said entities said characteristics and said
relationships.

17. A system as in claim 16 where at least one of said entities is an
individual in an organization.

18. A system as in claim 16 where at least one of said entities is a group of
individuals in an organization.

19. A system as in claim 16 where at least one capability is a role in an 
organization.

20. A system as in claim 16 where at least one capability is a task in an
organization.

21. A system as in claim 16 where at least one function is an operation by
a functionary in an organization. 

22. A system as in claim 16 where at least one function is an operation by 
a group of functionaries in an organization. 

23. A system as in claim 16 where said entities in an organization are
represented in a public key infrastructure directory. 

24. A system as in claim 16 where at least one of said characteristics and
said relationships is represented in a directory. 

25. A system as in claim 16 where at least one of said characteristics and 
said relationships is represented in a public key infrastructure directory. 

26. A system as in claim 16 where said system's operations involve 
updating at least one directory.

27. A system as in claim 16 where said system's operations involve
updating at least one public key infrastructure directory.

28. A system as in claim 16 where said changing of the said maintained
elements comprises change of information processing control structure. 

29. A system as in claim 16 where said changing of the said maintained 
elements comprises change of cryptographic certification information within the 
public-key infrastructure directories. 

30. A system as in claim 16 where said changing of the said maintained 
elements comprises change of databases. 

31. A system as in claim 16 where said changing of the said maintained
elements comprises change of cryptographic certification information within the 
public-key infrastructure directories and further database changes. 

32. A system as in claim 16 where said entities, said characteristics and
said relationships are maintained by combining database components and
components of certification authorities of a public key infrastructure. 

33. A system as in claim 16 where said entities are represented in one 
directory and said characteristics and said relationships are represented in a second
directory. 



34. A system as in claim 16 where said entities are represented in at least
first directory and said characteristics and said relationships are represented in at least
second directory.

35. A system as in claim 16 comprising observers, where said entities said
characteristics and said relationships are partially visible to various observers. 

36. A system as in claim 16 where said system's operation comprises
cryptographic key management operations. 

37. A system as in claim 16 where said system's operation is activated by 
at least one designated entity amongst said entities. 

38. A system as in claim 16 where said system's operation is activated 
based on agreed upon rules.

39. A system as in claim 16 where said system's operation is activated 
based on authorizations.

40. A system as in claim 16 where said system's operation is database
maintenance operations involving said entities said characteristics and said
relationships.

41. A system as in claim 16 where said characteristics and said
relationships define authorization rules. 

42. A system as in claim 16 where said characteristics and said
relationships define authorization rules based on access structure.

43. A system as in claim 16 where said characteristics and said
relationships define authorization rules based on cryptographic capability.



44. A system as in claim 16 where said characteristics and said 
relationships define authorization rules based on shared cryptographic capability. 

45. A system as in claim 16 with the additional operations of logging said
system's operations. 

46. A system as in claim 16 with the additional operations of logging said 
system's operations, where said logging is performed in various locations in said
system. 



47. A system as in claim 16 with the additional operations of monitoring 
operations within said system. 



48. A system as in claim 16 with the additional operations of time- 
stamping operations within said system.

49. A system as in claim 16 where at least one of said system's operations 
is performed distributedly via communication. 

50. A system as in claim 16 where at least one of said system's operations


51. A system as in claim 16 where at least one of said system's operations 
involves physical handling of devices to one of said entities. 

52. A data base system representing an organization involving directories
representing entities, their characteristics, roles, and relationships together with their
associations with cryptographic capabilities, the database system comprising
following transaction components:

connection to o: cryptographic authorities representing the cryptographic
capabilities associated with said entities, said characteristics and said relationships;

a maintenance system by which said database and said cryptographic
authorities are maintained in coordination and by authorized parties assuring the
representation of said organization and said cryptographic capabilities are soundly
associated as defined by the coordination directives;

maintenance transactions acting within said maintenance system, maintaining
view representing an organization.



53. A system as in claim 52 wherein said organization comprises a
plurality of entities.

54. A system as in claim 52 wherein said cryptographic authorities is a
plurality of at least one certification authorities.

56. A system as in claim 52 wherein said cryptographic authorities is a
plurality of authorities organized hierarchically.

A system as in claim 52 wherein said authorized parties are maintained
by another instantiation of the system.

A system as in claim 52 wherein said authorized parties are assigned
by management of said organization.

A system as in claim 52 wherein said coordinating directives involve
cryptographic fields assuring integrity of the operation.

A system as in claim 52 wherein said maintaining view representing an
organization may present different characteristics and components to different outside
reviewers.

A system as in claim 52 wherein said cryptographic capabilities
involve digital certificates.

A system as in claim 52 wherein said organization comprise various
organizational units.

A system as in claim 52 wherein said organization comprise of various
organizational units where entities are defined in one unit and their roles are defined
within a second unit.